
Posts

Showing posts from 2018

Azure Log Analytics Agent will be retired on 31st August 2024. Migrate to Azure Monitor.

Microsoft has announced that the Azure Log Analytics agent will be retired on 31st August 2024. Customers should migrate to the Azure Monitor Agent to monitor their assets.
Announcement: https://azure.microsoft.com/en-us/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/
Migration guide: https://learn.microsoft.com/en-gb/azure/azure-monitor/agents/azure-monitor-agent-migration
About Azure Monitor Agent: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Facebook Bullying: What to do?

In the light of recent cyber bullying incidents, I thought of writing an article that might help some of you on how to respond and what to do when you face such incidents. First of all, let's understand what cyber bullying is. It is the act of harassing someone using an electronic medium, especially the Internet. Many of us may have already experienced this in one way or another. Some argue that it is freedom of expression, but most of the time it crosses all the boundaries of tolerance and patience. Bullying can happen due to ideological differences, opinions, or political or even religious reasons. Now I will get into the details of these reasons. Most bullying may seem like an individual opinion or comment, but there are many groups and organizations who get paid for bullying someone. Yes, it may seem odd, but it is a reality. Political parties, religious groups or organizations, ideological movements, fan groups etc. have their own IT groups who are assigned

How to Install Netmiko on Windows?

Netmiko, developed by Kirk Byers, is an open source Python library based on Paramiko which simplifies SSH management of network devices and is primarily used for network automation tasks. Installing Netmiko on Linux is a matter of one single command, but if you need to use Netmiko on your Windows PC, follow this process.
1) Install the latest version of Python.
2) Install Anaconda, which is an open source distribution platform that you can install on Windows and other OSs (https://www.anaconda.com/download/).
3) From the Anaconda Shell, run "conda install paramiko".
4) From the Anaconda Shell, run "pip install scp".
5) Now install Git for Windows (https://www.git-scm.com/downloads). Git is required for downloading and cloning all the Netmiko library files from GitHub.
6) From the Git Bash window, clone Netmiko using the following command: git clone https://github.com/ktbyers/netmiko
7) Once the installation is completed, ch

Cisco FTD error: This device does not support local management.

Issue: Cisco FTDv is not allowing the administrator to add a local manager and throws the following error: "This device does not support local management."
Solution/Explanation: Because virtual devices do not have web interfaces, you must use the CLI to register a virtual device to a Cisco Firepower Management Center (FMC), which can be physical or virtual. From your FTDv CLI, add the FMC IP and the registration key (don't forget this key). On the FMC, add a new device: enter the FTD IP in the host field and the same registration key. Click on Register to add the device and start managing it from the FMC.

BEING A FIREWALL ENGINEER: AN OPERATIONAL APPROACH

A comprehensive guide on firewall management operations and best practices. Available on Amazon.
Kindle Edition: https://www.amazon.com/dp/B07HDJDG6R
Paperback: https://www.amazon.com/dp/172374297X
Understand different firewall products and their packet flows. Hardening and best practices of firewall management with real-world examples. Get familiar with change management and understand how to incorporate the change management process into firewall management operations. This book gives you a broad overview of firewalls, packet flows, hardening, management & operations and the best practices followed in the industry. Though this book is mainly intended for firewall administrators who are in operations, it also gives a quick introduction to and comparison of the major firewall vendors and their products. In this book I have covered the following topics. •Various job roles related to firewalls. •What

Google is shutting down "Inbox by Gmail".

Google is shutting down "Inbox by Gmail". "Move from Inbox to Gmail. As Gmail continues to improve, we're working to bring the best features over from Inbox. In the new Gmail, you'll find workflows that are similar to your favorite ones in Inbox. Support for Inbox will conclude in 2019." Read the official statement and guide: https://support.google.com/inbox/answer/9117840

Nonsense or Over-Confidence? TRAI chairman's personal data leaked after he threw the challenge

So finally some proof has been shown of personal data leakage to the Indian bureaucrats. As per the Government of India, "There is nothing called absolute right to privacy" and privacy "should be subject to reasonable restrictions." Read my previous post on why India needs a stringent data privacy law here. Citizens' personal data has been shared with various organizations in sectors like telecom, services, retail, e-commerce etc. In my opinion, before implementing data sharing, the government must implement data privacy laws and standards like the European GDPR in India. Once these are implemented and audited properly for compliance, then the government can consider data sharing. Currently there are no stringent laws and policies on data leaks. A penalty exists for a few clauses, but considering the value of the data, the penalty is negligibly small. The reply came within hours, sweet and sour!!! The TRAI chairman challenged A

Part 2 - InfoSec Scribbling: ISO/IEC 27001:2013

:: InfoSec Study Notes: Scribbling on ISO/IEC 27001:2013 Standard, Part-2 ::
For Part-1 of this series, go here.
Context of the Organization
The organization needs to identify the internal and external issues that can affect the expected outcome. Hence context becomes an important consideration and helps to ensure that the ISMS is designed and adapted for your organization.
- External issues: external to the organization. External issues may include:
    government regulations and changes in the law, political conditions
    economic shifts in your market
    partners, vendors and competitors
    events that may affect your corporate image
    trends and changes in technology
- Internal issues: within the organization and under its direct control. Internal issues can include:
    regulatory requirements for the organization
    strategies to conform to your policies and achieve your objectives
    relationship with your staff and stakeholders,

Part 1 - InfoSec Scribbling: ISO/IEC 27001:2013

:: InfoSec Study Notes: Scribbling on ISO/IEC 27001:2013 Standard, Part-1 ::
ISO/IEC 27001:2013 is an information security management standard. Organizations use it to manage and control information security risks, to protect and preserve the confidentiality, integrity and availability of information, and to establish their information security management system (ISMS).
- It is a systematic framework to manage information security related risks and protect important information.
- It also consists of requirements for an ISMS. Annex A is a list of control objectives and controls for information security.
- Annex A provides an essential tool for managing security: a list of security controls (or safeguards) that are to be used to improve the security of information.
- In brief, Annex A lists the following control objectives. This is a very large list which has more sub-topics/controls.
    - Security Policy Management
    - Corporate Security Management
    - Personnel Security Managemen

Cisco Modular Policy Framework (MPF): A brief Introduction

Modular Policy Framework (MPF) configuration defines a set of rules for applying firewall features, such as traffic inspection, QoS etc., to the traffic transiting the firewall. There are 3 main components in creating an MPF.
1) Class Map: a class map is used to identify the type of traffic. This can be done by creating an ACL.
2) Policy Map: a policy map specifies what action the ASA should take against the traffic identified by the class map.
3) Service Policy: finally, the service policy specifies where to apply it. The policy is applied to an interface or globally.
Sample Illustration: consider the following command lines.
access-list OUTSIDE-TO-INSIDE permit tcp any any eq ftp <--- The above ACL will allow FTP traffic. This ACL can be different from the interface ACL --->
class-map FTP-CLASS-MAP
    match ac

Crossover or Straight-through Cable? It's Auto-MDIX

On older devices, we had to choose the type of cable for connectivity: if the two devices are of the same kind, a crossover cable, and if they are different, a straight-through cable. To overcome this inconvenience, a feature was introduced on network devices: Auto-MDIX. This feature automatically detects the cable connection type required for a connection, that is, whether straight-through or crossover is in use. If either one of the connected devices supports Auto-MDIX, then no matter the device, you can use a crossover or a straight-through cable. It also requires the speed and duplex auto-negotiation feature to be enabled on the device. In other words, with this feature enabled, the interface automatically corrects for any incorrect cabling. Automatic medium-dependent interface crossover (Auto-MDIX) is enabled by default (from IOS 12.2(20)SE onwards). A sample manual configuration is shown below.

Top 5 Accounts: Review and Adjust your Privacy Settings

So, May 2018 was a remarkable month in the world of data security. The European GDPR is now in effect and almost all tech giants are adjusting themselves in order to comply with the data privacy standards. I have consolidated the privacy policies of the top 5 companies and the links for adjusting/controlling your data privacy. Review your privacy settings and control your own privacy.
Google Privacy Policy: https://privacy.google.com/take-control.html
Adjust Privacy Settings: https://myaccount.google.com/intro/privacy
Facebook Privacy Policy: https://www.facebook.com/privacy/explanation
Adjust Privacy Settings: https://www.facebook.com/settings?tab=privacy
Instagram Privacy Policy: https://help.instagram.com/519522125107875
Adjust Privacy Settings: https://help.instagram.com/196883487377501
Yahoo Privacy Policy: https://policies.oath.com/ie/en/oath/privacy/index.html
Adjust Privacy Settings: https://policies.oath.com/us/en/oath/privacy/controls/index.html
T

CEHv10 Exam Blueprint: Effective 1st October 2018

An exam blueprint is a breakdown of the sections of the exam syllabus and makes it easier for the test taker to prepare for the exam. It helps the test taker understand how many questions from the various areas of practice should go on an exam. Effective 1st October 2018, EC-Council will be introducing a new version of the CEH exam blueprint, and it is mentioned below. The current CEH blueprint is valid till September 30th 2018. You can find the current blueprint here: https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

DoS Attacks: Smurf, Fraggle, Land

Smurf attack. Smurf is a DoS attack method. In this flood attack, the victim is flooded with ICMP echo packets instead of TCP SYN packets. It is a spoofed broadcast ping request using the victim's IP address as the source IP. Most modern devices can deter these kinds of attacks, and Smurf is rarely a threat today. #hping3 -1 --flood --spoof <target> <broadcast_address>
Fraggle attack. Similar to the Smurf attack, but instead of ICMP, Fraggle uses UDP packets on UDP ports 7 and 19. It also broadcasts a UDP packet using the spoofed IP address of the victim. All the devices on the network will then respond to the victim, similar to the Smurf attack.
Land attack. In this, the attacker sends spoofed SYN packets to the victim using the victim's IP address as both the source and destination IP. This results in the system constantly replying to itself, which can crash the system. #hping3 -c <packet_count> -s <src_port> -d <dst_port> --floo

Nmap: Basic overview of Scanning Techniques

Nmap is one of the top scanning tools used in cyber security and networking. There are plenty of scanning techniques that can be used in Nmap. This post is intended to provide a basic overview of Nmap scanning techniques. 1) Ping Scan [-sP] This type of scan is used to detect which computers or devices are online, rather than which ports are open. In this, Nmap sends an ICMP ECHO REQUEST packet to the destination system. If an ICMP ECHO REPLY is received, the system is considered up and ICMP packets are not blocked. If there is no response to the ICMP ping request, Nmap will try a "TCP Ping" to determine whether ICMP is blocked or the host is really not online. A TCP Ping sends either a SYN or an ACK packet to a port (80 is the default) on the remote system. If an RST or a SYN/ACK is returned, then the remote system is online. If the remote system does not respond, either it is offline or the chosen port is filtered, and hence it won't be responding to anything.

Why you should not believe in Online Reviews and Social networking sites?

Most of us, before buying a product from Amazon/Flipkart or before booking a movie ticket, go through the review section to see what others think about it: how good is it, what are the pros and cons, etc. Let me tell you a fact. Though there are genuine reviews written by genuine customers/users, the majority of the reviews are paid reviews. Similarly, paid opinions can be seen in forums like Quora and Yahoo Answers. When it comes to social networking websites, there are big companies working for corporates, political parties and ideological institutions. Many of us are addicted to these social networking sites and we like and share things which we are not sure about. All of them want to maximize their profit, and for that they will use even the worst methods to make things viral. These institutions pay millions to distribute and publicize their propaganda; in short, to brainwash the audience. When thousands write a good review of a bad product, that product automatically become

Microsoft Windows Server 2016 Virtualization Based Security and Credential Guard

Virtualization Based Security (VBS) is a major Microsoft Windows feature released with the Windows Server 2016 and Windows 10 operating systems. The Credential Guard feature is available with Windows Server 2016 and Windows 10 to prevent memory read attempts, or in other words to protect the domain credentials (Kerberos and NTLM), thus preventing Pass the Hash attacks (credential theft attacks). Credential Guard leverages the Virtual Secure Mode (VSM) feature of VBS to create an Isolated User Mode that processes the secrets, preventing them from being stolen. The Device Guard feature also relies on VBS. Pass the Hash is a fundamental function of Windows for remote administration, which is taken care of by the LSASS process (the user mode process responsible for authentication and isolation of users). LSASS is the user mode process that manages the hash that needs to be passed for remote administration. Upon enabling Credential Guard, the Local

What is a Gratuitous ARP? How is it used in Network attacks?

Many of us have encountered the word "Gratuitous" while exploring the network topic of ARP, the Address Resolution Protocol. Before explaining Gratuitous ARP, here is a quick review of how ARP works. ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address. For example, Host B wants to send information to Host A but does not have the MAC address of Host A in its ARP cache. Host B sends a broadcast message to all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the same broadcast domain receive the ARP request, and Host A responds with its MAC address. We can see the ARP entries on our computers by entering the command arp -a. So, back to the topic of what a gratuitous reply is; here is a better explanation. Gratuitous ARP is when a device sends an ARP packet that is not a response to a request. Ideally a gratuitous ARP request is an ARP request packe

Is the Employee Data as Important as Customer data?

Hi guys, there is this organization that boasts about standards and policies. Yes, though these things are essential for the reputation of the company and for data security, they actually matter only if they are really implemented in practice. I have seen many organizations that create policies only for the sake of audit/compliance. Do you have a policy on data security? YES. Do you have a data security policy implemented in practice? Hmmmm!!! Companies might be certified and meet the regulatory standards, but nothing is actually in practice. Let me share with you an incident. I accidentally discovered this thing in a normal Google search. I searched something and I found an interesting result. Out of curiosity, I clicked on that particular Google search result and it took me to that company's employee directory. The whole directory. I could search any employee; I could see their employee code, department and location. If you want to know how big the list is? Yes, a few t

Microsoft Windows NLB Feature for Stateful Applications

NLB is a software-based load balancer (a Windows feature) that resides on each member of the cluster. Load balancing is based on the number of client connection requests, and the NLB algorithm does not dynamically respond to changes in the load on each cluster host (such as CPU load, memory usage or network usage). Thus, if the client population is small and/or the connections produce varying loads on the server, the load balancing algorithm of Microsoft NLB is less effective. To understand how NLB preserves the session state, first let me take you through the difference between stateful and stateless connections: Stateless. The application connection is said to be stateless if the server does not store any state about the client session; instead the session data is saved on the client side. The server does n

TLS version 1.3 is Here: A brief Overview

On 23rd March 2018, the latest version of TLS, which is TLS 1.3, was approved by the IETF. There are a considerable number of improvements and differences in TLS version 1.3 over 1.2. Now the developers need to implement this version in their products, and the actual roll-out can be expected soon. Right now I'm running Mozilla Firefox version 59.0.1, and by default TLS 1.3 is not yet enabled. But as per some tech forums, the browser does support TLSv1.3, though it's not enabled by default. There are some tips available over the internet on enabling TLSv1.3 manually, but I'm not going to discuss that here. In TLS version 1.3, one of the major improvements is speed. Those who need a revision of the SSL handshake process can refer to my older post. The handshake process in TLS 1.2 has more packet exchanges; the whole handshake process in TLS 1.3 will now be concluded in just 3 exchanges. But basically the concept is the same. The client starts with HELLO, Se

Facts: Facebook Deactivation vs Deletion

So the #deletefacebook campaign has been circulating over the internet; let's analyze the impact of deactivation and deletion of a Facebook account and how to perform it. Tip: if you don't want to read this article fully, here is the direct link for account deletion: https://www.facebook.com/help/delete_account Ok, let's start. Firstly, deactivation. As per FB, "Deactivating your account will disable your Profile and remove your name and photo from most things that you've shared on Facebook. Some information may still be visible to others, such as your name in their Friends list and messages that you've sent." Also, "Your Messenger account will remain active unless you deactivate it from the Messenger app. Using Messenger will not reactivate your Facebook account. Your profile picture will still be visible in your conversations and people will still be able to search for you by name to send you a message. You will continue to appear